The potential impact of Brexit is deceptively far-reaching, from the UK automotive trade and the financial services market to the fundamental rights of EU citizens on these shores.
We’ve also seen Brexit impact on the EU’s comprehensive General Data Protection Regulation (GDPR) legislation, with Google set to move its UK user data and accounts from the single bloc to the U.S. during the next 12 months. This will place British customers outside of GDPR’s strong privacy protections, raising significant issues pertaining to data sharing and online safety.
But how exactly will the GDPR be impacted by Brexit in the coming months, and what will happen at the end of the transition period on December 31st of this year.
Does The UK Still Need To Comply With The Terms Of GDPR?
The UK formally left the single bloc at 11pm on January 31st, triggering the commencement of an 11-month period in which Boris Johnson’s government must negotiate an amicable trade deal with the EU.
This will determine the precise nature of the future relationship between the UK and the EU, and despite concerns about the narrow timeline there’s little chance of this being extended into the formative months of 2021.
During the so-called transition period, however, the UK will still be required to comply with all EU laws and protocols, including the GDPR. This means that nothing will change for businesses or consumers in the near-term, although firms may want to use this time to prepare themselves for all eventualities following the end of the transition period.
What Will Happen At The End Of The Transition Period?
As we’ve already said, the transition period is likely to end at midnight on December 31st, and while there’s the potential for this to be extended, Boris Johnson has moved to rule this out as a viable possibility.
Regardless of when the transition period ends, however, the EU’s GDPR legislation will no longer apply directly in the UK. However, it’s expected that British firms will continue to comply with this law even after it has left the single bloc, because the DPA 2018 enacts this legislation in UK law.
This creates a window of opportunity for the UK to craft its own legislation, while the introduction of a statutory instrument (the Data Protection, Privacy and Electronic Communications Regulations 2019) amends certain clauses of the DPA 2018 and merges it with aspects of the GDPR to create a body of law that can sustain UK and EU collaborations post-Brexit.
This is an important consideration, as the UK will need to create data protection laws that meet the existing standards of EU members, especially if they’re to trade freely with their partners going forward.
To understand the implications for your particular business in further detail, we’d recommend seeking out bespoke and expert devices from established legal firms such as Withers.
At the very least, this will help you to prepare for a changeable data protection climate post-Brexit, ensuring that you’re able to comply and safeguard your customers fully.